<?php 
error_reporting(0);
session_start();
//  Developed by Roshan Bhattarai 
//  Visit http://roshanbh.com.np for this script and more.
//  This notice MUST stay intact for legal use

//Connect to database from here
include '../db-connection/conn.php';

//get the posted values
$user_name=htmlspecialchars($_POST['user_name'],ENT_QUOTES);
$pass=md5($_POST['password']);

//now validating the username and password
$sql="SELECT id,username,password,CONCAT_WS(' ', fname, NULL, lname) as name FROM tbl_users WHERE username='".$user_name."' ";
$result=mysql_query($sql);
$row=mysql_fetch_array($result);
//if username exists
if(mysql_num_rows($result)>0)
{
	//compare the password
	if(strcmp($row['password'],$pass)==0)
	{
		echo "yes";
		//now set the session from here if needed
		$_SESSION['u_name']=$user_name; 
		$_SESSION['name']=$row['name']; 
	}
	else
		echo "no"; 
}
else
	echo "no"; //Invalid Login


?>